Objective

SDN¹ controllers are the brain and decision maker in an SDN-based network infrastructure. A controller consists of a set of application components that act as an essential control point in the network infrastructure and make decisions to program the forwarding behavior for the packets passing through routers/switches. A number of SDN controllers exist; they are still being developed and used at an ever-increasing pace and have the potential of being used for next-generation networks.

The objective of this document is to provide a basis and rationale for indicating the differences between controllers, by comparing how user-friendly they are and what sort of features they offer. In addition, it implements an SDN-based network infrastructure using at least two different SDN controllers and does a flow walk from switch to controller and vice versa.

Part (a) SDN controllers

As stated earlier, an SDN controller is the control center of an SDN-based network: it talks with switches over its south-bound link to program packet forwarding instructions and communicates with applications on its north-bound side. There are multiple SDN controllers available and they differ from each other in various aspects. In this section, we will compare the following four controllers from the perspective of feature set, integration, applicability and ease of use.

OpenDaylight

Open Network Operating System (ONOS)

Ryu

Trema

¹ Software Defined Network

I’m summarising the comparison of the above four controllers by looking at features, capability, applicability and supported networks. The following diagram shows the different characteristics that I would use for comparative analysis:

The value of an SDN controller arises from its applicability, feature set and the ease of use it supports. For example, a controller must have features such as Neutron plugins, and port and flow configurability, if it has to support OpenStack-based virtualization of a network.

On top of that, applications also require the services they want from the network. For example, an application that is very delay sensitive would expect the controller to provide an end-to-end path with minimum delay and jitter.

Let’s look at different aspects of multiple controllers; the result of the comparison is shown below in a tabular format. As a result, none of the controllers seems to be optimal, but OpenDaylight looks more suitable for the majority of the use cases and requirements.

In summary, the controller is selected by matching the requirements of a network. OpenDaylight is a clear winner based on the above comparison, which could be one of the reasons for its popularity among vendors. Ryu and ONOS support a similar number of use cases, with Ryu having support for two important use cases: packet service insertion and chaining. Similarly, Trema supports similar use cases but is poor at supporting a whole bunch of features.

Part (b) Hands on experience with SDN Controllers

The purpose of this section is to set up an SDN lab and walk through how OpenFlow would work in a production SDN deployment.

OpenDaylight + Mininet

Software platform to build lab

Linux (Core operating system to run Virtual machines for OpenDaylight and Mininet)

Step 2: Building network

A network was built using a tree topology of Open vSwitch switches under the control of OpenDaylight as the SDN controller, making use of OpenFlow13 to talk to the south-bound switches. The following command is used:

As a result, the following screenshot confirms that I entered Mininet’s CLI, which allows controlling and managing the entire virtual network from a single console. For example, the CLI command:

Step 3: Controller communication with the switches

At the same time, while tailing logs on the OpenDaylight controller, I observed that all seven Open vSwitches can talk to the controller that we set up during the creation of the network via --controller=remote,ip=100.102.132.52,port=6633. Logs from the controller confirm that the switches managed to establish a TCP connection:

Step 1: Installation of ONOS and Mininet

Step 2: Building network

Since we have not connected any switch to the ONOS controller yet, there is no topology, devices, hosts or flows.

Since Mininet was already installed on the computer (during the OpenDaylight + Mininet exercise), all I needed to do was build a topology of Open vSwitch switches under the control of ONOS as the SDN controller to talk to the south-bound switches. The following command is used:

Topology: Linear

ONOS Controller: 100.102.132.52 listening on port 6653

As a result, the following screenshot confirms that I entered Mininet’s CLI, which allows controlling and managing the entire virtual network from a single console. For example, the CLI command:

Step 3: Controller communication with the switches

While tailing logs on the ONOS controller, we observed that all five Open vSwitches can talk to the controller that we set up during the creation of the network via --controller=remote,ip=100.102.132.52,port=6633. Logs from the controller confirm that the switches managed to establish a TCP connection:

The ONOS console has now populated the topology:

However, it has not discovered hosts yet, because we have not exchanged any frames yet.

Step 4: Testing out connectivity and hosts discovery

Running the pingall test to check connectivity between every pair of nodes and to discover the hosts connected to the switches:

Now that we have run pingall, which passed frames among all of the nodes, the hosts are discovered on the ONOS controller and we should be able to see all of them on it:

Step 5: Flow table

From the Mininet CLI, “ovs-ofctl” can be used to dump the flow table of a switch. For example, we could use the following command to dump the flow table for the switch named openflow:1
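As an added example (not part of the original post), the Python sketch below parses the text that `ovs-ofctl dump-flows` prints and labels each entry by where a matching packet goes, which is the switch-to-controller half of the flow walk. The sample dump is constructed for illustration, not captured from this lab, and the function names are hypothetical.

```python
import re

# Constructed sample in the text format printed by `ovs-ofctl dump-flows`
# (illustrative values, not captured from the lab in this post).
SAMPLE_DUMP = """\
OFPST_FLOW reply (OF1.3) (xid=0x2):
 cookie=0x1, duration=310.4s, table=0, n_packets=124, n_bytes=10540, priority=100,dl_type=0x88cc actions=CONTROLLER:65535
 cookie=0x2, duration=305.1s, table=0, n_packets=18, n_bytes=1512, priority=2,in_port=1 actions=output:2,output:3
 cookie=0x3, duration=305.1s, table=0, n_packets=7, n_bytes=686, priority=0 actions=CONTROLLER:65535
 cookie=0x4, duration=12.0s, table=1, n_packets=0, n_bytes=0, arp actions=drop
"""

COUNTERS = {"cookie", "duration", "n_bytes", "idle_timeout", "hard_timeout",
            "idle_age", "hard_age"}

def parse_flow(line):
    """Return one flow entry as a dict, or None for header/blank lines."""
    if "actions=" not in line:
        return None
    head, actions = line.strip().rsplit("actions=", 1)
    flow = {"table": 0, "priority": 32768, "n_packets": 0, "match": {},
            # split on commas that are not inside parentheses
            "actions": re.split(r",(?![^()]*\))", actions.strip())}
    for field in filter(None, re.split(r",\s*", head.strip())):
        key, _, value = field.partition("=")
        if key in ("table", "priority", "n_packets"):
            flow[key] = int(value)
        elif key not in COUNTERS:
            flow["match"][key] = value or True  # bare flags such as "arp"
    return flow

def classify(flow):
    """Label where a matching packet goes: controller, data plane or nowhere."""
    kinds = {a.split(":")[0].lower() for a in flow["actions"]}
    if "controller" in kinds:
        # An empty match at priority 0 is the table-miss entry.
        miss = flow["priority"] == 0 and not flow["match"]
        return "table-miss-to-controller" if miss else "punt-to-controller"
    return "drop" if kinds == {"drop"} else "forward"

def walk(dump):
    """Parse a whole dump, highest priority first within each table."""
    flows = [f for f in map(parse_flow, dump.splitlines()) if f]
    flows.sort(key=lambda f: (f["table"], -f["priority"]))
    return [(f["table"], f["priority"], classify(f), f["n_packets"]) for f in flows]

if __name__ == "__main__":
    for row in walk(SAMPLE_DUMP):
        print("table=%d priority=%-5d %-25s packets=%d" % row)
```

Entries labelled as going to the controller are the ones that generate packet-in traffic on the OpenFlow channel; a table-miss entry with a rising packet count means unmatched traffic is being handled by the controller rather than in the data plane.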

Firewall filters provide rules that define whether to permit or deny packets that are transiting an interface on a switch or router from a source address to a destination address. They can be applied to ports, VLANs, or layer 3 interfaces.

The following firewall filter types are supported for EX-series switches:

VLAN firewall filter—VLAN firewall filters provide access control for packets that enter a VLAN, are bridged within a LAN, and leave a VLAN. You can apply VLAN firewall filters in both ingress and egress directions on a VLAN. VLAN firewall filters are applied to all packets that are forwarded to or forwarded from the VLAN.

You may have used traceroute in a Microsoft OS or in Unix. It’s quite simple and can tell you a few things about the connection between you and any other device on the internet. So what if the problem were intermittent, or traceroute did not show any problems because perhaps the choke point is experiencing intermittent bursts of data? Enter MTR, the big brother to traceroute. MTR (or My Trace Route) can show you a constant display of each link and how it’s holding up.

Since JUNOS 8.0 there is a new option which allows you to run traceroute in an 'MTR-like' mode:

jahil@R1> traceroute monitor 4.2.2.2

where 4.2.2.2 is an IP or domain-name of the target host.

You can do a more intensive version of this through the JUNOS shell. This requires root access.

Cisco released IOS 15.0. This is the next major release after 12.4. It’s been over 4 years since Cisco has delivered a major release of IOS code. The new features listed in the documentation include:

• BGP Event Based VPN Import;
• BGP Per Neighbor Graceful Restart Configuration;
• BGP RT Changes Without PE-CE Neighbor Impact;
• BGP local convergence in MPLS VPN networks (the feature has already been available in 12.2 SRC, now it’s available on more platforms);
• Full BFD support, including static routes, BFD-in-VRF and BFD-over-Frame Relay (next step: test it on a 2800-series router);
• DHCP authentication;
• DMVPN tunnel health monitoring;
• EEM 3.1 (whatever that is, the EEM documentation hasn’t been updated yet);
• Interaction between IS-IS and LDP;
• OSPF graceful shutdown and OSPF TTL security check features are available on more platforms;
• Intra-zone traffic inspection in zone-based firewall;
• VRF Aware RSVP Agent and Gateway;
• WCCP: VRF Support;

The JUNOS command completion feature saves you lots of time and energy, and it provides syntax checking as you type. Gone are the days when you type a command on a line and after you press Enter the command is either invalid or not supported on that version of software. Any error or ambiguity will be detected early, and the router/switch will present a list of valid completions for the current command.

You can disable command completion on a per-login basis by modifying the CLI environment with an operational mode set cli command:

You can invoke command completion by using either the space bar or the Tab key. Note that the Tab key also completes user-assigned variables such as interface names, IP addresses, firewall filters, and filenames.

Note: The most confusing thing about command completion is when to use space and when to use tab. The space bar is used until a variable is reached, at which time the Tab key is used to auto-complete the user variable for the filter name of test_JUNOS-JAHIL-FILTER.

Remember, Juniper's JUNOS is heavily influenced by Unix; after all, it does sit on top of FreeBSD. You can use EMACS commands for cursor movement, which include:

Ctrl-a Moves the cursor to the beginning of the command line, back to the prompt
Ctrl-e Moves the cursor to the end of the command line
Ctrl-b Moves the cursor back one character
Ctrl-k Delete everything from the current cursor position to the end of the line
Ctrl-x Delete the entire line
Ctrl-l Bring back the current line
Ctrl-p Scroll back through command history (analogous to up arrow)
Ctrl-n Scroll forward through command history (analogous to down arrow)
Ctrl-r Search command history for a string

Just like in GNU less you can

Say you run a show command whose output has been paginated, that is, split into pages because the output of the command is longer than one screen. You can go all the way to the end by hitting G; similarly, you can return to the start of the output by typing g.